Wireless security lacking at a large convention

AirDefense unveiled results from its wireless airwave monitoring on Monday, January 14, at the 97th annual National Retail Federation (NRF) Convention & Expo.

AirDefense discovered less than 10% of the 458 Access Points in use at NRF were using “bullet proof’ encryption such as WPA2. In fact, nearly 60% of APs were using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption, which can be compromised in minutes but is in wide use today.

While monitoring the wireless LAN traffic throughout the day Monday, AirDefense also found that nearly 80% of the 1,693 wireless devices such as laptops, PDAs, phones and vendor PCs were susceptible to “Evil Twin” types of attacks. “Evil Twins” are the wireless version of email phishing scams, a technique whereby an attacker tricks victims into connecting to a laptop or PDA by posing as a legitimate hotspot.

Other interesting findings:

  • Lack of pre-802.11n equipment. AirDefense found less than one percent of the devices on the show floor were pre-802.11n. Trade shows such as NRF are designed to showcase the newest technologies in the retail space, yet the industry is lagging behind in new deployment.
  • Attack tools such as Karma, Hotspotter, and Airsnarf were all seen in the airwaves, trying to capture the probing devices to take advantage of them.
  • Many clients, when connected, would disclose information about the internal network such as Domain, Authentication Server, User Name, Password and Computer Name as all in the clear. Leaking out NetBIOS and IPX traffic was common on these devices. An attacker could and might have captured the corporate username and authentication hash (password), that the unsuspecting user would have sent over the airwaves by just connecting to the wireless network.
  • 94 laptops and other devices in the airwaves had altered their MAC addresses trying to bypass the security of the Javits’ Center Wi-Fi Hotspot. Others were doing this to either blend into the environment or hide the true identity of the device.
  • Large number of users attempting to jam the wireless signals, either by broadcasting a signal to overload the channel or using common techniques to overload Access Points, or the Channel, where thirty-nine (39) of these attacks were found.
  • Wireless enabled devices from laptops, to PDAs, to phones, to vendor PC”s were fighting for the congested airwaves. On the average the retransmission rate for wireless networks were seventy-eight percent (78%), meaning that the client would have to transmit a new packet for every four packets transmitted.



Share this